(fix merge error).

Reland Disallow chrome.tabs.executeScript from injecting code into gallery TBR=aa BUG=30146 TEST=browertest is pending: http://codereview.chromium.org/506066 Original review: http://codereview.chromium.org/501098/ Review URL: http://codereview.chromium.org/518005 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@35202 0039d316-1c4b-4281-b951-d872f2087c98
author: rafaelw@chromium.org <rafaelw@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2009-12-23 02:45:48 +0000
committer: rafaelw@chromium.org <rafaelw@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2009-12-23 02:45:48 +0000
commit: d146b8311c38186872d2be3764e2c2d66827107f (patch)
tree: d9ee73fe6c704a3964f87ad15248274048779233 /chrome
parent: 6ab764bdbed6489c5eaf5f50923bce20bcf6c854 (diff)
download: chromium_src-d146b8311c38186872d2be3764e2c2d66827107f.zip
chromium_src-d146b8311c38186872d2be3764e2c2d66827107f.tar.gz
chromium_src-d146b8311c38186872d2be3764e2c2d66827107f.tar.bz2
4 files changed, 22 insertions, 0 deletions
diff --git a/chrome/browser/extensions/execute_code_in_tab_function.cc b/chrome/browser/extensions/execute_code_in_tab_function.cc
index 5dc6690..3d15458 100644
--- a/chrome/browser/extensions/execute_code_in_tab_function.cc
+++ b/chrome/browser/extensions/execute_code_in_tab_function.cc
@@ -11,6 +11,7 @@
 #include "chrome/browser/extensions/file_reader.h"
 #include "chrome/browser/tab_contents/tab_contents.h"
 #include "chrome/common/extensions/extension.h"
+#include "chrome/common/extensions/extension_constants.h"
 #include "chrome/common/extensions/extension_error_utils.h"
 
 namespace keys = extension_tabs_module_constants;
@@ -68,6 +69,16 @@ bool ExecuteCodeInTabFunction::RunImpl() {
   DCHECK(browser);
   DCHECK(contents);
 
+  // Disallow executeScript when the target contents is a gallery page.
+  // This mirrors a check in UserScriptSlave::InjectScripts
+  // NOTE: This can give the wrong answer due to race conditions, but it is OK,
+  // we check again in the renderer.
+  if (contents->GetURL().host() ==
+      GURL(extension_urls::kGalleryBrowsePrefix).host()) {
+    error_ = keys::kCannotScriptGalleryError;
+    return false;
+  }
+
   // NOTE: This can give the wrong answer due to race conditions, but it is OK,
   // we check again in the renderer.
   if (!GetExtension()->CanAccessHost(contents->GetURL())) {
diff --git a/chrome/browser/extensions/extension_tabs_module_constants.cc b/chrome/browser/extensions/extension_tabs_module_constants.cc
index a3fc48d..0d21460 100644
--- a/chrome/browser/extensions/extension_tabs_module_constants.cc
+++ b/chrome/browser/extensions/extension_tabs_module_constants.cc
@@ -44,6 +44,8 @@ const char kInternalVisibleTabCaptureError[] =
 const char kNotImplementedError[] = "This call is not yet implemented";
 const char kCannotAccessPageError[] = "Cannot access contents of url \"*\". "
     "Extension manifest must request permission to access this host.";
+const char kCannotScriptGalleryError[] = "The extensions gallery cannot be "
+    "scripted.";
 const char kSupportedInWindowsOnlyError[] = "Supported in Windows only";
 
 const char kNoCodeOrFileToExecuteError[] = "No source code or file specified.";
diff --git a/chrome/browser/extensions/extension_tabs_module_constants.h b/chrome/browser/extensions/extension_tabs_module_constants.h
index 6e0967d..a8bf1ac 100644
--- a/chrome/browser/extensions/extension_tabs_module_constants.h
+++ b/chrome/browser/extensions/extension_tabs_module_constants.h
@@ -48,6 +48,7 @@ extern const char kInvalidUrlError[];
 extern const char kInternalVisibleTabCaptureError[];
 extern const char kNotImplementedError[];
 extern const char kCannotAccessPageError[];
+extern const char kCannotScriptGalleryError[];
 extern const char kSupportedInWindowsOnlyError[];
 
 extern const char kNoCodeOrFileToExecuteError[];
diff --git a/chrome/renderer/render_view.cc b/chrome/renderer/render_view.cc
index 6313755..709c313 100644
--- a/chrome/renderer/render_view.cc
+++ b/chrome/renderer/render_view.cc
@@ -26,6 +26,7 @@
 #include "chrome/common/child_process_logging.h"
 #include "chrome/common/chrome_switches.h"
 #include "chrome/common/chrome_constants.h"
+#include "chrome/common/extensions/extension_constants.h"
 #include "chrome/common/jstemplate_builder.h"
 #include "chrome/common/page_zoom.h"
 #include "chrome/common/plugin_messages.h"
@@ -3841,6 +3842,13 @@ void RenderView::OnExecuteCode(const ViewMsg_ExecuteCode_Params& params) {
 
 void RenderView::ExecuteCodeImpl(WebFrame* frame,
                                  const ViewMsg_ExecuteCode_Params& params) {
+  // Don't execute scripts in gallery pages.
+  GURL frame_url = GURL(frame->url());
+  if (frame_url.host() == GURL(extension_urls::kGalleryBrowsePrefix).host()) {
+    Send(new ViewMsg_ExecuteCodeFinished(routing_id_, params.request_id, true));
+    return;
+  }
+
   std::vector<WebFrame*> frame_vector;
   frame_vector.push_back(frame);
   if (params.all_frames)
author	rafaelw@chromium.org <rafaelw@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2009-12-23 02:45:48 +0000
committer	rafaelw@chromium.org <rafaelw@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2009-12-23 02:45:48 +0000
commit	d146b8311c38186872d2be3764e2c2d66827107f (patch)
tree	d9ee73fe6c704a3964f87ad15248274048779233 /chrome
parent	6ab764bdbed6489c5eaf5f50923bce20bcf6c854 (diff)
download	chromium_src-d146b8311c38186872d2be3764e2c2d66827107f.zip chromium_src-d146b8311c38186872d2be3764e2c2d66827107f.tar.gz chromium_src-d146b8311c38186872d2be3764e2c2d66827107f.tar.bz2